Bluffer’s guide to privacy and encryption tools

I’m not a rampant activist by any means. Over the last few months, though, I’ve become increasingly unsettled by the way some corporations and governments gather and use our data. While I have nothing to hide (cough) I believe my data is mine. I’m happy to share some of it, given a choice, but often we have no choice in the matter.

So, I’ve been steadily piecing together a personal toolkit of privacy and encryption tools. I thought I’d share what I currently use for a number of reasons:

There may be people out there who, like me initially, aren’t sure what they can do

I’m not an infosec specialist. I could be missing better tools and, if you’re reading this, I’d love to hear your suggestions in the comments

There’s a possibility that some of the things I’m doing are not as safe as I think they are – again, if you can improve the toolkit I’d really appreciate it

I’m not going to talk about privacy on social networks like Facebook because, well, there is none. It’s a free service and Facebook’s business model is to sell you – your data. If you’re uploading personal information there, you only have yourself to blame.

DuckDuckGo

I switched my default search engine on my computers and smartphone to DuckDuckGo. Unlike other search engines, they don’t track everything you search for. The image search function isn’t quite as good as Google’s but otherwise I have no complaints.

1Password

Don’t use the same password everywhere. Make sure you have complex passwords. That’s the advice but if you have several hundred logins you’ll go mad without a way to manage them. There are many options but I like 1Password because of the interface, iOS integration, browser extension and sync across devices.

Adblock Plus

Online ads typically track your behaviour around the web so that you can be profiled and served more ads. Many people find they interrupt your activities, slow down browsing and use up your precious mobile data. I’m not going to get into the ethics of blocking ads here, just pointing out that Adblock Plus have a great browser extension and iPhone app.

Tor

Tor is a browser (and other tools) that allows you to browse the internet and hidden services anonymously. The technical details are on their website so I won’t go into it here. Worth noting that they currently have a Tor Messenger service in beta.

Signal 2.0

Open Whisper Systems have a mobile app that allows you to make phone calls and send text messages using end-to-end encryption. Edward Snowden likes it.

GPGTools

GPGTools have a suite of encryption tools called GPG Suite that allow you to encrypt files and email using either PGP or S/MIME. If you want my public key so you can send me encrypted email, it’s here in ASC format.

Open Rights Group

Some great comments from Richard Hewitt (currently working in information security for The Engine Group), published here with his approval.

I personally don’t like Tor. You can’t trust the exit nodes, the latency is horrendous and you really really can’t trust the exit nodes. Like ever.

If your objective is simply avoiding bulk surveillance, and you aren’t trying to be a cyber criminal or otherwise doing something illegal, then the following works real well:

Take out a small Linux virtual server with a provider of your choice. Main thing you want to choose is which country the VPS is located in. You could use Amazon EC2 or anything. You could even club together with other like-minded enthusiasts – cost would be like a dollar a month.

SSH into the box, and install Chromium or Iceweasel.

Use the client from http://mobaxterm.mobatek.net/ to SSH into the box again.

Run Chromium from the command line. Automagically, a Chromium browser will appear on your desktop as if you were running it locally. But really it’s running on your VPS.

All your browsing traffic is originating and terminating on the VPS – wherever in the world that happens to be – and the only traffic from your home IP is SSH traffic – which is encrypted.

Targeted surveillance (e.g. if you REALLY were a bad guy) would still get you. But bulk surveillance is trivially thwarted doing this. And you aren’t trusting your data to a Tor exit node. Did I mention not to trust those?

There’s lots of ways to skin this cat. You can also set up the Squid caching proxy server on the remote VPS and use SSH tunneling to connect your local browsers to the cache over SSH. That’s more work than the above but works a lot better for sound/video etc.
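The Squid-over-SSH variant Richard describes only keeps your traffic inside the tunnel if Squid on the VPS listens on loopback alone. The script below is an added example, not part of the original post or of Richard's comments: it checks a squid.conf for exposed `http_port` lines and builds the matching tunnel command. The host name and both config excerpts are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. The VPS name is a placeholder;
# 3128 is Squid's default http_port.

# Constructed squid.conf excerpts used as sample input.
SAMPLE_EXPOSED='# constructed sample: listens on every interface
http_port 3128
http_port 0.0.0.0:8080
acl SSL_ports port 443'
SAMPLE_LOOPBACK='# constructed sample: reachable only through the SSH tunnel
http_port 127.0.0.1:3128'

# Read a squid.conf on stdin and print the address of every http_port
# directive that is not bound to a loopback address.
exposed_ports() {
    awk '$1 == "http_port" &&
         $2 !~ /^(127\.0\.0\.1|localhost|\[::1\]):[0-9]+$/ { print $2 }'
}

# Succeed only if the config on stdin declares at least one http_port
# and none of them is exposed beyond loopback.
loopback_only() {
    conf=$(cat)
    printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*http_port[[:space:]]' || return 1
    [ -z "$(printf '%s\n' "$conf" | exposed_ports)" ]
}

# Build the client-side tunnel command for a given user@host.
#   -N  open the tunnel only, run no remote command
#   -L  forward local 127.0.0.1:3128 to 127.0.0.1:3128 as seen from the VPS
tunnel_cmd() {
    printf 'ssh -N -L 127.0.0.1:3128:127.0.0.1:3128 %s\n' "$1"
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_ports
tunnel_cmd 'user@vps.example'
```

On the VPS, feed the real config to `loopback_only` on stdin; once it passes and the tunnel is up, set the local browser's HTTP proxy to 127.0.0.1 port 3128.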

Please, if you have any suggestions for improving this toolkit I’d really like to know. Please drop me a line in the comments if you don’t mind it being public. If you’d rather stay off the record then you can use Signal or my PGP key.
